7 matches found
CVE-2008-1131
Cross-site scripting XSS vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms...
Cross site scripting
The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting XSS attacks...
Cross site scripting
Cross-site scripting XSS vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms...
CVE-2008-1131
Cross-site scripting XSS vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms...
CVE-2008-1131
Cross-site scripting XSS vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms...
CVE-2008-1131
CVE-2008-1131 describes a Cross-site Scripting (XSS) vulnerability in Drupal 6.0 where remote authenticated users can inject arbitrary web script or HTML via titles in content edit forms. The affected component is Drupal 6.0’s content editing title handling, with the vulnerability triggered by se...
SA-2008-018 - Drupal core - Cross site scripting
Titles are not escaped prior to being displayed on content edit forms, allowing users to inject arbitrary HTML and script code into these pages. The Drupal.checkPlain function, used to escape text in ECMAScript, contains a bug which causes it to escape only the first instance of a character,...